US 9,813,443 B1
Systems and methods for remediating the effects of malware
Sonia Subramanian, Marina Del Rey, CA (US)
Assigned to Symantec Corporation, Mountain View, CA (US)
Filed by Symantec Corporation, Mountain View, CA (US)
Filed on Feb. 13, 2015, as Appl. No. 14/621,416.
Int. Cl. G06F 11/00 (2006.01); H04L 29/06 (2006.01)
CPC H04L 63/145 (2013.01)
12 Claims
 
1. A computer-implemented method for remediating the effects of malware, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
identifying a plurality of files on a client device;
determining, using digital fingerprints that identify the plurality of files, that reputation of each of the plurality of files is unknown;
in response to determining that the reputation of each of the plurality of files is unknown, logging changes made by the plurality of files to the client device;
obtaining additional information indicating that an unknown file of the plurality of files represents a threat to the client device;
in response to obtaining the additional information, reclassifying the plurality of files as a threat and determining that the changes made by the plurality of files are to be reversed; and
in response to determining that the changes made by the plurality of files are to be reversed, initiating reversal of the changes made by the plurality of files by instructing the client device to reverse the changes made by the plurality of files to the client device that were logged during a logged time interval that is less than a time period during which the plurality of files were present on the client device.
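
The following Python sketch walks through the logging and reversal steps of claim 1. It is an added illustration, not code from the patent or from any Symantec product. The `ChangeJournal` class, the `log_from` parameter, the dict standing in for client-device state, and the conflict check that skips values changed again after the logged write are all assumptions made for this example.

```python
import hashlib

_MISSING = object()  # marks "key did not exist before the change"

def fingerprint(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()  # digital fingerprint = reputation key

class ChangeJournal:
    def __init__(self, reputation, log_from):
        self.reputation = dict(reputation)  # fingerprint -> verdict; absent = unknown
        self.log_from = log_from            # logging starts here, after the files arrived
        self.entries = []                   # (ts, actor, key, old, new)

    def apply(self, state, ts, actor, key, new):
        old = state.get(key, _MISSING)
        state[key] = new
        # Journal only changes made by unknown-reputation files inside the logged interval.
        if actor not in self.reputation and ts >= self.log_from:
            self.entries.append((ts, actor, key, old, new))

    def reclassify_and_reverse(self, state, group):
        # One file in the group was found to be a threat: reclassify the whole group.
        self.reputation.update({fp: "threat" for fp in group})
        reverted, conflicts = [], []
        for ts, actor, key, old, new in sorted(self.entries, key=lambda e: e[0], reverse=True):
            if actor not in group:
                continue
            if state.get(key, _MISSING) != new:  # changed again since: do not clobber
                conflicts.append(key)
            elif old is _MISSING:
                del state[key]
                reverted.append(key)
            else:
                state[key] = old
                reverted.append(key)
        return reverted, conflicts

def demo():
    # Constructed sample data: two unknown files and a dict standing in for client state.
    dropper, payload = fingerprint(b"constructed sample A"), fingerprint(b"constructed sample B")
    state = {"hosts": "original", "startup": "none"}
    journal = ChangeJournal(reputation={}, log_from=100)
    journal.apply(state, 50, dropper, "hosts", "edited")        # before logging began
    journal.apply(state, 120, dropper, "startup", "run sample B")
    journal.apply(state, 130, payload, "dropped.tmp", "data")
    journal.apply(state, 140, payload, "proxy", "10.0.0.9")
    state["proxy"] = "set-by-admin"                             # later legitimate change
    reverted, conflicts = journal.reclassify_and_reverse(state, {dropper, payload})
    return state, reverted, conflicts
```

The change at timestamp 50 falls outside the logged interval and survives reversal, which is the practical consequence of the claim's final limitation: anything the files did before logging began has to be found and cleaned up by other means.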